The brute-force SSH attacks that have plagued the Internet for much of this year are continuing, and experts are responding by creating tools to stop the brute-force attempts and lists of the attacking IP addresses. The SANS Internet Storm Center has a good post with some information on SSH attack mitigation tools and advice on what to do if you’re being attacked. But the most interesting information on this wave of attacks is coming from The Shadowserver Foundation, which has compiled a quick list of some IP addresses that are attacking and the domains that own those machines. The list has quite a few interesting domains on it, including a number of U.S. colleges and universities. Shadowserver also has a chart showing which countries have the most attacking IP addresses, and not surprisingly, the U.S. and China are at the top of the list, with nearly 17% in China and nearly 14% in the U.S.

It’s a small sample size, but if you’re being hit with this, it never hurts to know where it’s coming from. These attacks have been ongoing for several months, and there are a variety of attack tools out there to make life simple for the bad guys. Stay tuned, as I’d doubt this is going to stop anytime soon.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

About This Blog

This blog covers topics across the spectrum of security, privacy and compliance, as well as the people and issues driving enterprise infosec today.